MarsJoke Ransomware Targets State And Local Government Agencies (Sep 30, 2016)

Description

The Dell Sonicwall Threats Research team observed reports of a new ransomware family named MarsJoke [GAV:FileCryptor.A_2],
which targets state and local government agencies and is actively spreading in the wild.

The malware encrypts the victim's files with a strong encryption algorithm and holds them until the victim pays a fee to get them back.

Infection Cycle:

The Malware uses the following icons:

The Malware adds the following files to the system:

Malware.exe

%Userprofile%\Start Menu\Programs\Startup\Malware.exe

C:\WINDOWS\Tasks\exgnygmf.job

C:\Documents and Settings\!!! For Decrypt !!!.bat

C:\Documents and Settings\!!! Readme For Decrypt !!!.txt
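
A triage check built from the file list above, as an added example that is not part of the original advisory: it scans a file listing (one path per line) for the paths the advisory names. The sample listing is constructed; treating Malware.exe as a stand-in for the sample's real file name, and flagging other .job files for review, are assumptions.

```python
import ntpath
import re

# Indicators from the advisory's file list. Assumption: "Malware.exe" stands for
# the sample's name, so any .exe in a Startup folder (XP or later layout) is flagged.
NOTE_NAMES = {"!!! for decrypt !!!.bat", "!!! readme for decrypt !!!.txt"}
JOB_FROM_ADVISORY = "exgnygmf.job"
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup$")
TASKS_RE = re.compile(r"^[a-z]:\\windows\\tasks$")

def classify(path):
    """Return (severity, reason) for one Windows path, or None if nothing matches."""
    norm = ntpath.normpath(path.strip().strip('"')).lower()
    folder, name = ntpath.split(norm)
    if name in NOTE_NAMES:
        return ("high", "ransom note name from the advisory")
    if TASKS_RE.search(folder) and name == JOB_FROM_ADVISORY:
        return ("high", "scheduled task file named in the advisory")
    if STARTUP_RE.search(folder) and name.endswith(".exe"):
        return ("review", "executable in a per-user Startup folder")
    if TASKS_RE.search(folder) and name.endswith(".job"):
        return ("review", "scheduled task file in the Tasks folder")
    return None

def scan(listing):
    """Classify every non-empty line of a file listing; keep only the hits."""
    hits = []
    for line in listing.splitlines():
        verdict = classify(line) if line.strip() else None
        if verdict:
            hits.append((line.strip(), *verdict))
    return hits

# Constructed sample listing (not from the advisory), e.g. output of `dir /s /b`.
SAMPLE = r"""
C:\Documents and Settings\alice\Start Menu\Programs\Startup\Malware.exe
C:\WINDOWS\Tasks\exgnygmf.job
C:\WINDOWS\Tasks\backup_nightly.job
C:\Documents and Settings\!!! For Decrypt !!!.bat
C:\Documents and Settings\alice\Desktop\!!! README FOR DECRYPT !!!.txt
C:\Documents and Settings\alice\My Documents\budget.xls
"""

if __name__ == "__main__":
    for path, severity, reason in scan(SAMPLE):
        print(f"[{severity}] {path}: {reason}")
```

Hits marked "review" are locations the advisory names rather than exact matches, so they need a manual look before being treated as infection evidence.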

The Trojan adds the following keys to the Windows registry to ensure persistence upon reboot: